[ic] {OT} hardening SSL without rejecting users

Jon Jensen jon at endpoint.com
Tue Apr 27 14:54:07 UTC 2010

On Mon, 26 Apr 2010, Grant wrote:

> I've been advised to harden my SSL in the following ways:
> 1. disable SSL 2.0
> 2. disable use of SSL ciphers which offer either weak or no encryption
> 3. disable anonymous SSL ciphers
> Will some website users not be able to use https if I do this?

Should be fine. That's all been good practice for years now.

A good Apache mod_ssl configuration to achieve that is:

SSLProtocol all -SSLv2


Jon Jensen
End Point Corporation

More information about the interchange-users mailing list